Search

You are currently browsing the archives for the Products category.

Disclaimer

Let it be known, long and far across all distant lands. This blog is totally independant from Microsoft and any other company or organisation and this blog (not the people) is not affiliated with Microsoft at all.

“Cannot find the recipient update service responsible for domain ‘dc=sample,dc=domain,dc=com’. new and existing users may not be properly Exchange-enabled.”

The Windows Firewall service must be started before Setup can continue.

Analysis:

You checked the Exchange log (ExchangeSetup.log). It showed:

Error ONE:

[2/16/2015 1:11:59 AM] [1] [ERROR] Unexpected Error
[2/16/2015 1:11:59 AM] [1] [ERROR] The operation could not be performed because object ‘exchserver01’ could not be found on domain controller ‘adserver01.domain.com’.
[2/16/2015 1:11:59 AM] [1] Ending processing.
[2/16/2015 1:11:59 AM] [1] [ERROR] The Windows Firewall service must be started before Setup can continue.

You verify from the Domain Controller adserver01.domain.com that the Exchange server object is there. You also verify that the Exchange Server is able to communicate with the adserver01.domain.com

Error TWO:

“Cannot find the recipient update service responsible for domain ‘dc=sample,dc=domain,dc=com’. new and existing users may not be properly Exchange-enabled.”

You will need to remove the RUS manually. Most likely Exchange 2003 wasn’t decomm-ed properly (if you are no longer using Exchange 2003).

Solution:

Error ONE:

Ignore the error “[2/16/2015 1:11:59 AM] [1] [ERROR] The operation could not be performed because object ‘exchserver01’ could not be found on domain controller ‘adserver01.domain.com’.”

Just proceed with starting the Windows Firewall service and rerun the update of Service Pack.

Error TWO:

Remove the RUS (If you no longer have any Exchange 2003 server in your environment).

You will not be able to delete the Recipient Update Service (Enterprise Configuration) by using Exchange 2003 or Exchange 2000 System Manager. Perform the following steps to delete theRecipient Update Service (Enterprise Configuration) by using ADSI Edit (AdsiEdit.msc):

Back in August I posted a blog announcing the beta release of Azure AD Connect. Since then we have received a lot of feedback and made improvements in AAD Connect and AAD Sync, including multi forest support and password write back.

The biggest thing we’ve learned from you, our customers and partners, is that rather than a bunch of different tools (DirSync, AAD Connect, AAD Sync, ADFS, etc.) you want one simple, integrated tool for connecting your existing Windows Server Active Directory with Azure Active Directory. You’ll be happy to know that we’ve acted on your feedback!

Today we’re releasing a public preview of the “new” Azure AD Connect (you can download it here).

Azure AD Connect is “new” because it is now one integrated tool that includes all the advances of AAD Sync and the features from the beta release of Azure AD Connect into simple, fast & lightweight solution. Azure AD Connect has everything you need to connect your Windows Server AD(s) and Azure AD with only 4 clicks.

Now you can get started using Azure AD in under an hour, no new hardware required!

With this preview you can choose Express Settings or Custom settings just like before, only now you get the latest sync engine and capabilities.

Because it’s our first combined wizard and it is in Preview status, we are not supporting production deployments for this release. Our next release will be production supported.

Our goal is to bring 100% of the previous DirSync functionality into Azure AD Connect. Before we GA Azure AD Connect we will bring all Dirsync functionality in.

We’ve received a lot of great feedback from you and have incorporated most it. But that doesn’t mean we’re done. Please keep the feedback coming!

Our goal is to GA Azure AD Connect with additional sync options, seamless migration from Dirsync, and production support in the next 90 days.

Please note there will no longer be separate releases of Azure AD Sync and Azure AD Connect. And we have no future releases of DirSync planned. Azure AD Connect is now your one stop shop for sync, sign on and all combinations of hybrid connections.

In Exchange Management Console (EMC), under Move Request, there is some mailbox being moved. This action was not done by the local IT administrators. The mailbox affected are mailboxes already migrated to Office 365.

Solution/Explanation:

Run a Get-MoveRequest and if you see something like below, you are actually seeing the database being moved from Exchange Online DB to another Exchange Online DB. This is part of Exchange Online DB maintenance. There is no impact to users.

ExchangeGuid : 404b747c-d942-4ecc-ba61-9459c234a8d3

SourceDatabase : APCPR04DG020-db001

TargetDatabase : APCPR04DG011-db170

SourceArchiveDatabase :

TargetArchiveDatabase :

Flags : IntraOrg, Pull, MoveOnlyPrimaryMailbox

Posted in Office365|Comments Off on Exchange Management Console shows mailbox is migrating/migrated from one DB to another DB

When you are trying to delete a verified domain name in Office 365, an error pops up saying that some users or Office365 services are still attached to the domain.

Root Cause:

Just like what the error said, some of the Office 365 services or users are still attached/assigned to the domain name that you are trying to remove.

Solution:

Things to check:

Ensure that no users are associated with the domain that you are trying to delete. You can verify this by going into Users And Groups, and Edit a user. Ensure that the domain you are trying to delete, eg, abc.com, is not listed there.

Ensure that no security groups/distribution groups have the accounts attached to abc.com. Security groups/distribution groups can be access by logging into Office 365, click on Users And Groups, and click on Security Groups.

If you have just deleted the users, or changed the domain for each individual users, you will need to wait for a while (1 min?) as it will need to sync the changes to the different Office365 service settings.

If the accounts are uploaded to Dirsync, you will need to stop the Dirsync synchronization to change the accounts to a Cloud Only account. Then, you will need to do step 1-3 above to delete the Security groups; and/or manually modify the e-mail addresses fields in Office 365, Exchange Online.

Posted in Office365|Comments Off on Office 365 – Unable to remove verified Domain name

MIISClient.exe shows that a bunch of user accounts failed to sync with the error “Insufficient Permission”.

Solution:

Certain permissions needed by MSOL Service Account went missing (for whatever reason!). All we had to do is to recheck back the permissions.

Step 1: Run the Azure Active Directory Sync tool Configuration Wizard

Make sure that the latest version of the Directory Sync tool is installed and that you run the Azure Active Directory Sync tool Configuration Wizard. When you run the wizard, one screen prompts you to enable rich coexistence. Complete the wizard, and then start directory synchronization.

Alternatively, you can run the Enable-MSOnlineRichCoexistence cmdlet after the Directory Sync tool is installed to enable the write-back feature. This cmdlet must be run by using enterprise credentials or should be run by the enterprise admin.

Step 2: Confirm MSOL_AD_Sync_RichCoexistence permissions

If step 1 doesn’t resolve the issue, check that the MSOL_AD_Sync user belongs to the MSOL_AD_Sync_RichCoexistence group and that the group has Allow permissions to the user who is experiencing the issue, where write-back is not working for the following attributes:

msExchSafeSendersHash

msExchBlockedSendersHash

msExchSafeRecipientHash

msExchArchiveStatus

msExchUCVoiceMailSettings

ProxyAddresses

To do this, follow these steps:

In Active Directory, make sure that the MSOL_AD_Sync_RichCoexistence group exists and that the MSOL_AD_Sync user is a member of the group.

In the on-premises environment, use Active Directory Users and Computers to open the user properties for the user who is experiencing the issue.

On the Security tab, click Advanced.
Note You must enable advanced features to complete step 3.

Make sure that the MSOL_AD_Sync_RichCoexistence group is listed. If it’s not listed, add the group, and then make sure that the group is granted Allow permissions to write to the attributes that are listed previously.

Note Step 2 may be required if the object does not inherit permissions from the parent. This issue may be resolved by making sure that the object inherits permissions from the parent object.

6. Ensure that in all Exchange Servers (including the inactive ones located in the DR sites), the Get-WebServicesVirtualDirectory has the correct ExternalURL: https://mail.contoso.com/ews/exchange.asmx (and is routable from the internet)

Problem: You are using Quest Notes Migrator for Exchange (NME) to migrate from Lotus Dominos to Exchange Online/Exchange On-premise, and on migrating the user accounts, new emails are no longer entering Lotus Dominos.

Problem Statement: You want to have a copy of the new email stored in Lotus Dominos and have a copy forwarded to Exchange Online/Exchange On-premise.

Solution: To be exact, there is no solution to this, as Quest NME tool doesn’t allow the support to have a copy left on the Lotus Dominos before forwarding it to Exchange Online/Exchange on-premise. However it might be possible (correct me if I’m wrong) to configure Lotus Dominos directly to leave a copy before forwarding it, if NME tool modifies Lotus Dominos parameters directly.

Posted in Office365|Comments Off on Lotus Dominos Migration to Exchange Online/Exchange using Quest Notes Migrator for Exchange

I stumbled across a quirky issue todayÂ which was causing scheduled TFSBuild jobsÂ to fail with the following error: â€œUnable to read data from the transport connection: An existing connection was forcibly closed by the remote hostâ€. When executing the build definition manually I could not reproduce the issue; the build would run through without any errors.

After a bit of searching it turns out there is a small bug in IIS 7.5 (introduced in Windows Server 2008 R2) which prevents TFS downloading files larger than 2MB over a slow network connection; IIS will expire the idle connection time-out and disconnect mid-transfer.

Installing KB981898 from Microsoft Support will fix this bug and allow TFS builds to run-through without any issues.

-Patrick

Posted in Bugs, Visual Studio|Comments Off on TFS Build Failure Due to IIS Connection close